GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,170 advisories
Cross-site Scripting (XSS) in serialize-javascript
Moderate
CVE-2024-11831
was published
for
serialize-javascript
(npm)
Feb 10, 2025
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Moderate
CVE-2025-27098
was published
for
@graphql-mesh/cli
(npm)
Feb 16, 2023
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Moderate
CVE-2025-27097
was published
for
@graphql-mesh/runtime
(npm)
Oct 10, 2023
Directus allows updates to non-allowed fields due to overlapping policies
Moderate
CVE-2025-27089
was published
for
@directus/api
(npm)
Feb 19, 2025
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25290
was published
for
@octokit/request
(npm)
Feb 14, 2025
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25288
was published
for
@octokit/plugin-paginate-rest
(npm)
Feb 14, 2025
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor/ckeditor
(Composer)
Aug 21, 2024
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25289
was published
for
@octokit/request-error
(npm)
Feb 14, 2025
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
Moderate
CVE-2025-25285
was published
for
@octokit/endpoint
(npm)
Feb 14, 2025
Vega allows Cross-site Scripting via the vlSelectionTuples function
Moderate
CVE-2025-25304
was published
for
vega
(npm)
Feb 14, 2025
cookiejar Regular Expression Denial of Service via Cookie.parse function
Moderate
CVE-2022-25901
was published
for
cookiejar
(Maven)
Jan 18, 2023
Directus allows privilege escalation using Share feature
Moderate
CVE-2025-24353
was published
for
@directus/app
(npm)
Jan 23, 2025
esbuild enables any website to send any requests to the development server and read the response
Moderate
GHSA-67mh-4wv8-2f99
was published
for
esbuild
(npm)
Feb 10, 2025
ProTip!
Advisories are also available from the
GraphQL API